YES!!! MVP for one more year!

By admin on July 1st, 2013

One might think you get “used” to waiting for the mail every July first, but I tell you, I don’t!

So it’s with a great deal of pride and an even bigger portion of happiness that I say I’m an Exchange Server MVP for my fifth year in a row!


Importing certificate in Exchange 2013 from Exchange 2010

By admin on June 29th, 2013

I very often hear comments like “I don’t like certificates” and realize that if you are not working with “certs” all day long it might be a hassle to get all the stuff you need in the right place. So I thought I’d give you some of my experiences with certificates and then a little “how to import” them.

The best way to decide which host names should be in a cert (for Exchange) is to find out what names you are using for your different services. Below you see a table of all services in Exchange 2013 that could need a certificate.

Service Internal URL External URL
Exchange Web Services
Active Sync
Outlook Web App
Offline Address Book
Exchange Control Panel
Outlook Anywhere
  • I filled in typical values that could be valid in a split DNS scenario but you should find your own values!
  • And to be clear, it’s not a huge thing to change a value (URL): as long as you have Autodiscover set up properly, your clients will get your new configuration and use that.
  • To have a certificate to import I will start by exporting a certificate from Exchange 2010. This could be done via Exchange Management Shell or a GUI but to make things crystal clear I will show you a GUI-based way.
  • First, let’s open up an MMC on a server where you have the certificate.
  • Add the snap-in for Certificates
  • Select “Computer account”
  • Select “Local computer”
  • Navigate to Personal, Certificates
  • Then you should see something similar to the screenshot below (It’s possible you have more entries than me)
  • Select the certificate you need, right click on it, go to All tasks and select Export
  • It’s critical that you select “Yes, export the private key”
  • Choose the format you like to export your certificate to:
  • In Windows 2012 you can set permissions to a group or user but in older versions of Windows you won’t have this option so I go for Password.
  • Choose a file name and save your certificate.
  • Hit next and finish and your cert is exported. With that we can import it in Exchange 2013.
  • Open up your favorite browser on your Exchange 2013 server and enter the address https://localhost/ecp
  • That will take you to the Exchange Admin Center logon page.
  • If you experience a sad face and “something went wrong” it’s most likely because the mailbox you just logged on with has not been moved to Exchange 2013.
  • Don’t worry about that; change the URL to https://localhost/ecp?ExchClientVer=15 and you should see the EAC.
  • Navigate to Servers and then Certificate and hit the three dots… Go for import certificate
  • Enter the UNC path to where you exported the certificate and enter the password
  • Choose the servers you want to import the certificate to
  • Now your certificate is imported but it’s not yet assigned to any services, so let’s do that as well!
  • Mark your certificate and click edit (the pencil icon)
  • Go to Services and select the services you like to use the cert for
  • It’s likely that you will be presented with a warning about overwriting the current certificate; click Yes
  • That’s it, happy SSL!
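
The same export, import and service assignment done from Exchange Management Shell, which the post mentions as the alternative to the GUI. This is an added example, not the author's own commands: the thumbprint, UNC path, host names and the IIS/SMTP service choice are placeholders, and the checks before assignment and the cleanup at the end are additions.

```powershell
# Added example. Thumbprint, path and host names are placeholders (assumptions).
# The two parts run in separate shell sessions; define the variables in both.
$thumb = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'
$pfx   = '\\fileserver\share\exchange.pfx'               # hypothetical UNC path
$names = 'mail.example.com', 'autodiscover.example.com'  # host names from your own URLs
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# On the Exchange 2010 server: export the certificate together with its private key.
$export = Export-ExchangeCertificate -Thumbprint $thumb -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path $pfx -Value $export.FileData -Encoding Byte

# On the Exchange 2013 server: import the PFX.
$bytes = [byte[]](Get-Content -Path $pfx -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes -Password $pfxPassword | Out-Null

# Check the imported certificate before assigning any services to it.
$cert = Get-ExchangeCertificate -Thumbprint $thumb
if (-not $cert.HasPrivateKey) {
    throw 'Imported without a private key; export again with "Yes, export the private key".'
}
# Exact-name comparison only; a wildcard entry is not expanded here.
$covered = $cert.CertificateDomains | ForEach-Object { "$_" }
$missing = $names | Where-Object { $covered -notcontains $_ }
if ($missing) { throw "Certificate does not cover: $($missing -join ', ')" }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires $($cert.NotAfter)"
}

# Assign services (IIS and SMTP are an example choice). Expect the same
# overwrite warning as in the GUI.
Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS,SMTP

# The PFX contains the private key; do not leave it on the file share.
Remove-Item -Path $pfx
```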

Summer means Sommarkollo!

By admin on June 19th, 2013

(Originally in Swedish)

Summer is just around the corner and the sun is shining! For me that means vacation, sun and of course Sommarkollo! Sommarkollo is the collective name for Microsoft’s summer seminars for partners and business customers, where you can catch up on news, technology and other interesting and useful information about the latest and hottest products. Attend as many seminars as you like, completely free of charge! Sommarkollo is coming to Stockholm, Göteborg and Helsingborg.

I will be talking about Exchange 2013 in Stockholm in August. My half day will partly be about Exchange 2013 and what is new in it, but I will also focus on what is new for the users and how we can make them happy, so be prepared for many demos of exciting new features!

Registration for a half day with Exchange 2013 on August 13

Registration for a half day with Exchange 2013 on August 20

Error in Exchange 2013 Certificate Wizard

By admin on June 18th, 2013

Update: This issue has been fixed in CU2

As part of an Exchange 2013 deployment I used the Exchange Admin Center, EAC, to create a request for a new certificate today. The whole process of doing that is described in numerous places on the web (like here) so I won’t go into details about that but I will mention a fact that came as a bit of a surprise to me…

After all the “hard work” with getting all namespaces correct the only part left was to enter the details of the customer. In this part you type in information about Organization name, Department, where you are located and so on. Normally this doesn’t present a huge challenge for me but when I for the second time got the request file back from the certificate provider telling me to enter the organization name correctly I asked myself if I had gone totally bananas… But as I soon discovered the wizard in Exchange 2013 actually switches two fields… What you enter in “Organization name” will in the request file be presented in “Department name” and vice versa.

So in the example below (picture taken from Digicert link above), “Your Company Inc” would in the request end up in the department field and “IT” where your organization name should have been.

This error is present in Exchange 2013 RTM and CU1 but the team over in Redmond know about the issue so I expect this to be fixed in future releases.

So what is the real impact of this problem? I would say very little besides the fact that some certificate providers, like my customer’s today, maybe won’t issue a certificate if they check all the details carefully. Once you have your cert, even if it has the two fields mixed up, it will work just as expected so no huge issue but something to be aware of.

Update: I forgot to mention that this issue won’t happen if you generate your request from Exchange Management Shell! Thanks for the reminder Dave! And while I’m thanking I should say a thank you to TRUSTZONE as well who twice rejected our requests, wouldn’t have seen this otherwise.

Happy 443!
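
Generating the request from Exchange Management Shell, as the update above suggests, and reading the subject back out of the request file before it goes to the certificate provider. This is an added example, not from the original post: the organization, department, country, host names and file path are placeholders, and the parsing relies on the indented `O=` / `OU=` lines that `certutil -dump` prints for the request subject.

```powershell
# Added example; all values below are placeholders (assumptions).
$org     = 'Your Company Inc'
$dept    = 'IT'
$names   = 'mail.example.com', 'autodiscover.example.com'
$reqPath = 'C:\Temp\exchange2013.req'

# Build the request in Exchange Management Shell with O and OU given explicitly.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "C=SE, O=$org, OU=$dept, CN=$($names[0])" `
    -DomainName $names -PrivateKeyExportable $true
Set-Content -Path $reqPath -Value $csr

# Decode the request file and collect the O and OU values of its subject.
$rdn = @{}
certutil -dump $reqPath |
    Select-String -Pattern '^\s+(O|OU)=(.+)$' |
    ForEach-Object {
        $m = $_.Matches[0]
        $rdn[$m.Groups[1].Value] = $m.Groups[2].Value.Trim()
    }

# Refuse to continue if the two fields are not where they were entered.
if ($rdn['O'] -ne $org -or $rdn['OU'] -ne $dept) {
    throw "Subject mismatch: O='$($rdn['O'])' OU='$($rdn['OU'])'. Do not submit this request."
}
"Request subject OK: O=$($rdn['O']), OU=$($rdn['OU'])"
```

Pointing `$reqPath` at a request file produced by the EAC wizard on RTM or CU1 and running only the decode and compare steps shows the swapped fields before the provider rejects the request.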

Building my new Hyper-V lab server, for real…

By admin on June 17th, 2013

A few weeks back I posted the ingredients to my new lab server and now I finally got the parts for it. Unfortunately I tried to get my hands on a new SSD, the Crucial M500 960GB, and that turned out to be a bad choice, not that it didn’t work but rather that it couldn’t be shipped so that’s why I had to wait so long. My need for a new lab was huge so I went back to the 500 GB Samsung SSD to get started.

Since this project has gone on for a while and it turned out great I wanted to share some thoughts…

All parts needed for a great lab:

Some time and a glass of wine later…

The power supply I had worked but it could only support one of the two CPUs so I looked for a new one. My choice was PC Power & Cooling 850W Silencer MK III that I found has scored well in several tests. But I found out that a white power supply really didn’t match the theme of this computer (I promise, you don’t need to tell me that thinking in terms of themes for a computer is geeky, my wife took care of that part!) and repainted it…

So with all parts assembled it now looks like this:

But besides the look (which you could already tell I’m pretty pleased about) there are some things I wanted to share!

The first thing I’m really (!) pleased about is the remote management capabilities of the motherboard I used. It allows me to power on (or off and reset) my lab computer from anywhere in the world which of course saves power as it doesn’t have to be running all the time. In my previous blog post I had the ASUS ASMB6_IKVM listed separately but it turned out to be included on the motherboard, ASUS Z9PA-D8, so I ended up with a spare one… The user interface is simple but I get all the information (like temperatures, voltages and fan speeds) I need.

The second part of why I’m super excited about this machine is all thanks to my friend Mikael Nyström. Thanks to Mikael I can deploy a server or a client in less than a minute. Have a look at his scripts for Hyper-V here. It’s the Zip named NICConf2013-W8-Hyper-V-files. I have made some modifications to the template files and can now deploy almost any configuration of a server without even having to log on to it.

And the absolutely best part of this whole build is that the “server” is so quiet! Since I have it in my office at home I wanted it to be really quiet and the only fan (running) is the fan for the water cooling. If I put my ear to the case I can hear some “bubbling” noise but from a meter I can’t even tell if it’s on or not. Which is great working at night as I’m doing right now…

So now when I have a working lab again I promise I will continue my series on how to migrate to Exchange 2013! Stay tuned for part 2!

Now reading – Microsoft Exchange Server 2013 PowerShell Cookbook: Second Edition

By admin on May 31st, 2013

I just got my hands on 470 pages of Exchange and PowerShell tips and tricks! It’s the second edition of Exchange PowerShell cookbook, the first one was written by Mike Pfeiffer and on this second edition a fellow Swede Jonas Andersson has updated the book to Exchange 2013.

My expectations are high and I promise to get back to you with a review when I’m done reading but I can already tell that I like the way Jonas has put this together and I’m sure there are plenty of things to be learned even for more experienced administrators.

If you can’t wait to read this book you can order it from PACKT Publishing.

So stay tuned for the review!

Exchange 2013 OWA users logged out within 5 minutes

By admin on May 30th, 2013

A great friend and fellow MVP, Anders Olsson, wrote a blog about how users in Outlook Web App get logged out after 5 minutes. Since Anders writes in Swedish we thought it would be a good idea to publish it in English as well so here it is.

More and more organizations are upgrading their Exchange solutions to Exchange 2013. Many of these organizations use a Forefront Threat Management Gateway, TMG, to secure the messaging solution. In most cases this works perfectly well but some have run into issues with dropped sessions after 5 minutes. This is a known problem when TMG and Exchange 2013 are communicating but it only affects a few customers and we have not yet found the common ground for these issues. Microsoft has not yet released an official fix for this but TMG has a feature that can be used to solve the problem.

Session timeout is normally based on a user choice when logging on. In the forms-based authentication form a user can choose between public or private computer, which results in a 10 or 360 minute session timeout.

These timeout values can be set via “Advanced Form Options” from Forms on each listener in TMG.

Changing the value of these settings has proven not to work for customers with these issues.

The solution to this problem is a feature in TMG called Credential Caching. From Advanced (Authentication Options) on the listener you will find Client Credentials Caching. The feature has a self-explanatory name: it caches the credentials for a certain time and the default value is 300 seconds, which of course is our 5 minutes. By changing this value we can raise the time clients stay logged on.

You should NOT change the timeout value if you don’t experience this specific issue!

More information about how to publish Exchange 2013 with TMG can be found on the Exchange Team blog.